Persistent ip rule on Linux (Redhat)
How can I configure a persistent ip rule on Linux (specifically Red Hat-based distros)? Is there no built-in method? Is my only option adding to /etc/rc.d/rc.local or creating my own rc.d script?
Edit: For clarification, I am not referring to iptables but to the ip tool (which I don't think a lot of people are familiar with). In any case, the rule I am trying to persist is added with the following command:
# ip rule add fwmark 1 lookup 100
# ip rule
...
32765: from all fwmark 0x1 lookup 100
...
The only reference I've found to doing this is from Novell: http://www.novell.com/support/viewContent.do?externalId=7008874&sliceId=1 which recommends creating an rc.d script.
As is customary, I stumble upon the answer to my own problem shortly after asking :) Found an answer at http://grokbase.com/t/centos/centos/099bmc07mq/persisting-iproute2-routes-and-rules
On Red Hat 5+ the /etc/sysconfig/network-scripts/ifup-routes script handles rule-* files. Relevant code below:
# Routing rules
# $1 is the device, $2 the optional alias/parent device passed by ifup.
# $MATCH is set earlier in ifup-routes and matches blank and comment lines,
# so every other line of rule-<dev> is passed verbatim to "ip rule add".
FILES="/etc/sysconfig/network-scripts/rule-$1"
if [ -n "$2" -a "$2" != "$1" ]; then
    FILES="$FILES /etc/sysconfig/network-scripts/rule-$2"
fi
for file in $FILES; do
    if [ -f "$file" ]; then
        { cat "$file" ; echo ; } | while read line; do
            if [[ ! "$line" =~ $MATCH ]]; then
                /sbin/ip rule add $line
            fi
        done
    fi
done
Script for RHEL 6.5 (possibly older 6+), which also handles IPv6 via rule6-* files. The helper is defined earlier in the real script than the loop that calls it; it is shown first here so the excerpt reads top to bottom:
# Takes a rule-<dev> or rule6-<dev> file, derives the ip subcommand ("rule")
# and the address family from the file name, and adds one rule per line.
handle_ip_file() {
    local f t type= file=$1 proto="-4"
    f=${file##*/}
    t=${f%%-*}
    type=${t%%6}
    if [ "$type" != "$t" ]; then
        proto="-6"
    fi
    { cat "$file" ; echo ; } | while read line; do
        if [[ ! "$line" =~ $MATCH ]]; then
            /sbin/ip $proto $type add $line
        fi
    done
}
# Routing rules
FILES="/etc/sysconfig/network-scripts/rule-$1 /etc/sysconfig/network-scripts/rule6-$1"
if [ -n "$2" -a "$2" != "$1" ]; then
    FILES="$FILES /etc/sysconfig/network-scripts/rule-$2 /etc/sysconfig/network-scripts/rule6-$2"
fi
for file in $FILES; do
    if [ -f "$file" ]; then
        handle_ip_file $file
    fi
done
The above is about 3/4 of the answer - the missing piece is how to format the /etc/sysconfig/network-scripts/rule-ethX file. You also need to add the routing tables to /etc/iproute2/rt_tables:
# add a line with a table identifier and name:
100 ISPname
And add the rule file /etc/sysconfig/network-scripts/rule-eth0:
# rule-eth0
from 1.2.3.4/24 table {table name from /etc/iproute2/rt_tables}
to 1.2.3.4/24 table {table name from /etc/iproute2/rt_tables}
Note that the table names must match, and are case-sensitive.
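Added example, not code from either answer above or from the RHEL initscripts: a dry-run checker for a rule-<iface> file. It reproduces the line handling of the ifup-routes excerpt (blank lines and comments skipped, family taken from the rule-/rule6- prefix) but prints the ip command instead of running it, and it checks that every table referenced by name actually exists in rt_tables with the same case, so a typo is caught before the next reboot rather than after it. The $MATCH pattern is an assumption about what ifup-routes uses; the temp-dir paths and the sample rule-eth0 and rt_tables contents are constructed for the example.

```shell
#!/bin/sh
# Dry-run a rule-<iface> file and validate its table names. Added example,
# not from the original page or the RHEL initscripts.

# Blank-line / comment filter. Assumption: mirrors the $MATCH pattern that
# /etc/sysconfig/network-scripts/ifup-routes applies to rule-* files.
MATCH='^[[:space:]]*(#.*)?$'

# Returns 0 if ifup-routes would skip this line (blank or comment).
skip_line() {
    printf '%s\n' "$1" | grep -Eq "$MATCH"
}

# Print the "ip ... add" command ifup-routes would run for each line.
# $1 = path to a rule-<iface> (IPv4) or rule6-<iface> (IPv6) file
render_rule_file() {
    file=$1
    f=${file##*/}           # basename, e.g. rule6-eth0
    t=${f%%-*}              # "rule" or "rule6"
    type=${t%6}             # strip the trailing 6 -> "rule"
    proto="-4"
    if [ "$type" != "$t" ]; then
        proto="-6"
    fi
    # Reading the file directly (instead of "{ cat; echo; } |") keeps the
    # loop in this shell; "|| [ -n ... ]" still handles a final unterminated line.
    while IFS= read -r line || [ -n "$line" ]; do
        skip_line "$line" && continue
        echo "/sbin/ip $proto $type add $line"
    done < "$file"
}

# Print "missing table: NAME" for every name after "table"/"lookup" that is
# neither numeric nor defined in rt_tables (exact, case-sensitive match on the
# second column). Returns 1 if anything is missing, 0 otherwise.
# $1 = rule file, $2 = rt_tables file (normally /etc/iproute2/rt_tables)
check_tables() {
    file=$1; rt=$2; status=0
    while IFS= read -r line || [ -n "$line" ]; do
        skip_line "$line" && continue
        for tbl in $(printf '%s\n' "$line" | awk '{ for (i = 1; i < NF; i++) if ($i == "table" || $i == "lookup") print $(i + 1) }'); do
            case $tbl in
                *[!0-9]*) ;;        # a name: must exist in rt_tables
                *) continue ;;      # numeric table id: always valid
            esac
            if ! awk -v n="$tbl" '$1 !~ /^#/ && $2 == n { found = 1 } END { exit !found }' "$rt"; then
                echo "missing table: $tbl"
                status=1
            fi
        done
    done < "$file"
    return $status
}

# Constructed sample files in a temp dir (stand-ins for /etc/iproute2/rt_tables
# and /etc/sysconfig/network-scripts/rule-eth0); prints the dir.
make_samples() {
    dir=$(mktemp -d)
    printf '100 ISPname\n' > "$dir/rt_tables"
    cat > "$dir/rule-eth0" <<'EOF'
# marked packets (the rule from the question)
fwmark 1 lookup 100

from 192.0.2.0/24 table ISPname
to 192.0.2.0/24 table ispname
EOF
    echo "$dir"
}

dir=$(make_samples)
render_rule_file "$dir/rule-eth0"
check_tables "$dir/rule-eth0" "$dir/rt_tables" || echo "fix rule-eth0 before rebooting"
```

The last sample line uses "ispname" on purpose: ifup-routes would hand it to ip unchanged, ip would fail to resolve the table name at boot, and the rule would silently be absent. The checker reports it instead.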